Master Thesis
Computer Science
Thesis no: MCS-2005:17
September 2005
Innovation within
Digital Rights Management
Camrie Agushi
Department of
Interaction and System Design
School of Engineering
Blekinge Institute of Technology
Box 520
Department of
Interaction and System Design
Blekinge Institute of Technology
Box 520
Internet :
www.bth.se/tek
Phone
: +46 457 38 50 00
Fax
: + 46 457 102 45
University advisor:
Andreas Jacobsson
Department of Interaction and System Design
External advisor:
Peter Ericsson Nestler
Ericsson AB
Address: Nya Vattentornet, SE-221 83 Lund
Phone: +46 46 193000
Contact Information:
Author:
Camrie Agushi
E-mail:
camrie.agushi@ericsson.com
This thesis is submitted to the Department of Interaction and System Design, School of
Engineering at Blekinge Institute of Technology in partial fulfillment of the requirements for
the degree of Master of Science in Computer Science. The thesis is equivalent to 20 weeks of
full time studies.
P
REFACE
The following document is a Master of Science thesis comprising 20 weeks of fulltime studies within the subject of Computer Science. The work has been conducted at Ericsson AB in Lund in co-operation with Blekinge Tekniska Högskola in Ronneby.
The background to the contents of this thesis is my position as a Patent Engineer at Ericsson AB, where I am responsible for the patenting of innovations within the technology area of DRM. A need for an overview of DRM indicating the innovation trends was
identified. The thesis is of interest for Ericsson’s patent & licensing development, as well as for development engineers working and innovating within DRM at Ericsson.
The work with the thesis has been both interesting and instructive, and I have received many valuable experiences that I can use in my professional work at Ericsson AB.
I would like to thank my advisor at Ericsson AB, Mr. Peter Ericsson Nestler, for his valuable comments and support in my work of completing the thesis. Most of all, I would like to thank my advisor at Blekinge Tekniska Högskola, Mr. Andreas Jacobsson, for his new angles of approach, challenging questions and comments, his patience, and dedicated time.
Lund, September 2005
A
BSTRACT
The thesis deals with the topic of Digital Rights Management (DRM), more specifically the innovation trends within DRM. It is focused on three driving forces of DRM. Firstly, DRM technologies, secondly, DRM standards and thirdly, DRM interoperability. These driving forces are discussed and analyzed in order to explore innovation trends within DRM. In the end, a multi-facetted overview of today’s DRM context is formed. One conclusion is that the aspect of Intellectual Property Rights is considered to be an important indicator of the direction DRM innovation is heading.
C
ONTENTS
PREFACE ... 1 ABSTRACT ... 2 CONTENTS ... 3 1 INTRODUCTION ... 5 1.1 BACKGROUND... 5 1.2 PROBLEM DESCRIPTION... 7 1.3 METHODOLOGY... 71.3.1 Possible methodological approaches ... 7
1.3.2 Selected methodological approach ... 8
1.4 DEFINITION OF DRM ... 9
1.5 THESIS OUTLINE... 10
2 DRM... 12
2.1.1 Software DRM and Media DRM – Differences?... 16
3 DRM TECHNOLOGIES ... 17
3.1 COPY PROTECTION... 17
3.1.1 Does copy protection have a future? ... 18
3.2 CRYPTOGRAPHY IN DRM ... 18 3.3 SMART CARDS... 20 3.4 WATERMARKS... 20 3.4.1 Forensic Watermarks... 21 3.4.2 Denial Watermarking ... 21 3.4.3 Multi-Phase Watermarking... 22 3.5 SUMMARY... 22 3.6 DISCUSSION... 22
4 DRM STANDARDS AND STANDARDS-RELATED GROUPS... 23
4.1 BODIES THAT LICENSE AND/OR PROMOTE TECHNOLOGIES... 24
4.1.1 The 4C Entity ... 24
4.1.2 The 5C Entity ... 24
4.1.3 Copy Protection Technical Working Group ... 24
4.1.4 Digital Content Protection LLC... 24
4.1.5 Digital Living Network Alliance ... 24
4.1.6 The DVD Copy Control Association... 25
4.1.7 MPEG Licensing Authority... 25
4.1.8 Smartright... 25
4.1.9 TV-Anytime Forum ... 25
4.1.10 Internet Engineering Task Force... 25
4.1.11 MPEG... 26
4.1.12 OASIS ... 26
4.1.13 Open Mobile Alliance... 26
4.1.14 World Wide Web Consortium... 26
4.2 LICENSE-DRIVEN STANDARDS... 27
4.2.1 Content Scrambling System ... 27
4.2.2 Content Protection for Pre-Recorded Media... 27
4.2.3 Content Protection for Recordable Media... 27
4.2.4 Digital Transmission Content Protection ... 27
4.2.5 SmartRight ... 27
4.3 PEER STANDARDS... 28
4.3.1 MPEG IPMP... 28
4.3.3 eXtensible Media Commerce Language ... 28
4.3.4 eXtensible Rights Management Language... 28
4.4 SUMMARY... 29
4.5 DISCUSSION... 29
5 DRM INTEROPERABILITY ... 30
5.1 CONTENT REFERENCE FORUM... 30
5.2 CORAL CONSORTIUM... 30 5.3 SUMMARY... 32 5.4 DISCUSSION... 32 6 DRM INTELLECTUAL PROPERTY ... 33 6.1 INTERTRUST VS. MICROSOFT... 34 6.2 PATENT PORTFOLIOS... 36 6.3 SUMMARY... 40 6.4 DISCUSSION... 40 7 DISCUSSION... 41 8 CONCLUSIONS ... 43
8.1 DRM TECHNOLOGIES – THE ENABLEMENT OF DRM ... 43
8.2 DRM STANDARDS – THE FRAMEWORK FOR DRM ... 43
8.3 DRM INTEROPERABILITY – THE FUTURE OF DRM... 43
8.4 INNOVATION WITHIN DRM... 44
9 FUTURE WORK IN FORM OF CHALLENGES ... 45
10 REFERENCES ... 46
11 APPENDIX 1: GLOSSARY ... 51
12 APPENDIX 2: DRM PATENT SEARCH... 52
1 I
NTRODUCTION
1.1 Background
Increasingly more and more information is transmitted electronically in digital form. Virtually any information that can be represented by words, numbers, graphics, audio information, or a system of commands and instructions can be formatted into electronic digital information. Electronic devices of various types may be interconnected, providing their end-users with the potential to accomplish a myriad of various services, such as telecommunications, financial transactions, business operations, research, and entertainment related transactions. This poses extraordinary possibilities for electronic content providers, hereinafter denoted as service providers, but also problems that need to be identified, overcome and solved.
A fundamental problem for electronic content owners, hereinafter denoted as content owners, is extending their ability to control the use of proprietary information, such as copyrighted content. Content owners often want to limit the usage of the content to authorized activities and amounts. For example, content owners are concerned with ensuring that they receive appropriate compensation for the use of their content. Unlike analog information, next to perfect copies of digital information can be made relatively easily and inexpensively if the proper protection mechanisms are not in place. These copies may then be redistributed (illegally) without compensation to content owners, service providers and Intellectual Property Rights (IPR) owners. Henceforth, it is understood that both content owners and service providers may own IPR, and thereby also take on the role of IPR owner. Service providers have devised a number of rights protection mechanisms. Among these is Digital Rights Management (DRM). DRM has attempted to address the issue of licensing and controlling distribution of digital content. In general, all DRM systems allow the distribution of digital content in an encrypted form. A set of rights is associated with the content, and only after acquiring the rights to access a protected piece of digital content will an end-user be allowed to decrypt it.
DRM content distribution will become even more widespread as more handheld devices, such as cellular telephones and personal digital assistants (PDAs) become DRM-enabled, and hence this thesis on DRM is relevant. Aspects such as security, user friendliness and acceptance from the different DRM standards are especially relevant parameters for designing and/or evaluating DRM solutions. Therefore these aspects are subjects for further analysis and discussion within this thesis. User friendliness is a term that comprises ease of use and value to the end-user [37], and in order to achieve user friendliness per foregoing definition a balanced business model is required. A balanced business model is required since end-users want to access content at any time and have the freedom to use the content as they like, while content owners need to ensure that they can capture the revenues for their content while allowing a fair degree of flexibility. The balanced business model could be described as a middle ground, a so-called fair play policy, and DRM is the technology to facilitate it. [29]
To be able to understand the DRM context and the DRM market, a description of the key actors is essential. These are the three identified key actors:
o End-users,
o Service providers, and o Content owners.
In the definition of the actor service provider, infrastructure providers are included since an infrastructure provider, similar to a service provider, provides trust environments where content and the associated rights can be managed, and where financial transactions and regulatory demands can be performed and fulfilled.
Further, the actors content owners and service providers are defined as separate actors in this thesis since it is important to distinguish the different scenarios these actors must deal with in the DRM context and market, but in reality both content owner and service provider could be one entity. End-users may further be denoted as consumers in certain market and standardization aspects. The notation depends on the DRM actor and the DRM scenario, for example different standardization and interoperability bodies are recognizing consumers’, i.e. end-users’, increasingly important role in the DRM market.
Obviously, the end-user is the first key actor since DRM is directed towards the end-user and his/her content usage. One can view DRM as a toolbox with different possibilities to try to control the end-users’ consumptions of digital content protected with IPR. Without end-users DRM would be obsolete.
The service provider is the second key actor. Since this actor type sets the framework for the market, this category of actors is very important, especially since they control when and how DRM will be applied. Without service providers there would not exist a framework to enable DRM within.
The content owner is the third key actor. Since this key actor is the actual owner of the content that is to be distributed and used, and also the owner of any IPR pertaining to the content. The content owner could be considered to be the driver for DRM since this type strives and needs a good return on investments.
These three key actors form a DRM context, the DRM context being the general DRM market and not specifically the music industry even though examples in the thesis relate to the music industry. These key actors further act in the DRM market, wherein the market is further strongly influenced by following driving forces:
o DRM technologies, o DRM standards, and o DRM interoperability.
Certainly there are several other driving forces in the DRM market such as economics and legislation (excluding IPR), but in order to delimit the thesis the selection became the three driving forces which most relate to the technology area of computer science.
The aspect of IPR, more specifically patents, is in this thesis considered to be an indicator of the direction the DRM technology is heading. A following assumption from the foregoing consideration is therefore: the stronger patent portfolio a certain DRM provider has, the stronger position the DRM provider has on the DRM market.
1.2 Problem
Description
A fundamental problem for DRM content owners and service providers is to control usage of content. This problem statement needs to be broken down into specific sub-problems in order to facilitate investigation. The following sub-problems are analyzed in the thesis, further conclusions are derived from the analysis of the sub-problems.
o The selection of DRM technologies – Currently there are many different rights protection mechanisms from different content owners and service providers.
How is a technology appropriate for controlling usage of content distinguished? 1
o The DRM standardization work – As foregoing sub-problem, standardization is heading in different directions, and this is a large problem to the DRM market since it poses uncertainty regarding interoperability. [33]
How will standardization reach a common strategy that will facilitate interoperability? 2
o The DRM interoperability issues – The interoperability between the available DRM technologies of today is crucial due to end-users’ increasing demand of that even proprietary DRM technologies be interoperable with standardized DRM technologies.
Will dominating DRM service providers adapt to the interoperability claims? 3
1.3 Methodology
Following is a description of several possible research approaches [34] in order to deal with the stated problem4. Further, a research method is selected based upon
certain prerequisites existing in the thesis that will be discussed in more detail5.
1.3.1 Possible methodological approaches
1.3.1.1 Theory-testing approachThis model tries to answer the question:
Do observations confirm or falsify a particular theory, model or framework? Since this thesis does not intend to confirm or falsify the theory behind DRM, but rather identify the effects of DRM, this approach will not be applicable for the thesis.
1 See chapter 3 DRM Technologies in this thesis.
2 See chapter 4 DRM Standards And Standards-Related Groups in this thesis. 3 See chapter 5 DRM Interoperability in this thesis.
4 See chapter 1.2 Problem description in this thesis. 5 See chapter 1.3.2 Selected method approach in this thesis.
1.3.1.2 Theory-creating approach This model tries to answer the question:
Which kind of theory, model or framework best describes or explains a part of reality?
This approach is used to create new theories, models or frameworks and is therefore non-applicable to the problem statement in this thesis where instead focus is on reasoning around undergoing developments of new DRM technologies, standardization and interoperability.
1.3.1.3 Constructive approach
This model tries to answer the question:
Can we build a certain innovation and how useful is a certain innovation?
This model should be used to evaluate a new innovation before it is fulfilled. Since the intention of this thesis is not to construct anything, but to analyze existing phenomenon, this approach is non-applicable.
1.3.1.4 Conceptual-analytic approach
In conceptual-analytic research, the basic assumptions behind the problem statement are first analyzed. Thereafter theories, models and frameworks that have been used in previous studies and research are identified and thirdly logical and formal reasoning is applied on the results from the foregoing.
This approach could be applicable for this thesis, since the intention is to first analyze the problem statement and then identify the theory behind DRM and thereafter use logical reasoning to discuss and analyze the different effects of DRM in different areas.
1.3.2 Selected
methodological
approach
Here, the conceptual-analytical research approach has been selected as the method approach since this approach is the most applicable for the problem statement. 6 By selecting this research approach the thesis is guided by the theory, wherein the theory contributes to the accumulation of relevant knowledge.
Firstly, an analysis of the most important aspects and goals of DRM should be in place, in this thesis these aspects would be; the technologies, the standardization and the interoperability, and thereafter present a summary on these aspects.
Secondly, an introduction of the assumed indicator of innovation levels of the different DRM actors should be in place, more specifically IPR. The introduction of IPR is necessary in order to understand a following case study pertaining both to DRM and IPR, more specifically the case Intertrust vs. Microsoft. This is then continued with collection of data7 with the aim to empirically conclude who the most innovative
and thereby strongest DRM actors are.
Finally, a discussion should be in place where different effects from DRM are brought up and discussed, and the DRM market is explored in more detail. Thereafter, the thesis is concluded with attempted answers to the stated problem.
6 See chapter 1.2 Problem Description in this thesis. 7 See chapter 1.3.2.1 Collection of data in this thesis.
1.3.2.1 Collection and treatment of data
For the collection and treatment of data, a hybrid strategy consisting of both quantitative and qualitative strategies was used.
The quantitative strategy was used because the thesis had a fixed non-experimental approach with a pre-specified design already in place before reaching the stage of data collection. The advantage of the chosen strategy was the ability to identify patterns that were linked to structures. [38] The starting point of this thesis was the stated problem and the theories and the next step was to formulate search criteria that would be run through a database, Ericsson Patent Search database (EPS)8. The EPS search is
an investigation wherein the population is registered patents and published patent applications, and wherein the sample is EPS registrations. The EPS search resulted in a number of hits, which is considered to be a quantitative measure of the innovation levels of different DRM actors.
The qualitative strategy was used when collecting and analyzing information from books, articles, the Internet, and DRM forums and newsletters. 9 N.B. Only written
material has been used, no interviews have been conducted for data collection. Further, for a more correct overview of the innovation strength of the DRM actors, a patent scorecard for 2004 [43] was used in combination with the EPS search for analysis. This analysis was characterized by the qualitative strategy which was used when analyzing the collected data from the EPS search and when combining the EPS search data with the patent scorecard data in order to analyze and reach as correct cross-table conclusions as possible.
1.4 Definition
of
DRM
Currently there are many different definitions of DRM, to mention a few:
A technology that allows content owners to determine and control who and how users can view content such as media files on the Internet. [39]
DRM refers to the administration of rights in a digital environment. DRM solutions may use technologies to protect files from unauthorised use, as well as manage the financial transaction processing, while ensuring that rights holders are compensated for the use of their intellectual property. [40]
In this thesis, the following definition of DRM is chosen due to that it is considered to be the most general and all-embracing definition come across so far. Further, the definition is deemed to be objective and long-term, i.e. this definition would most likely also be correct in ten years from today, hence this definition is chosen.
8 The patent database contains all of Derwent's patent records relating to telecommunications and
electronics. Each patent record consists of a family of patents (e.g. US, European, Japanese), classification data, and English abstract and related images. The patent database is updated weekly. Derwent’s patent records are published patent applications that are re-classified from the patent offices own classifications to Derwent’s classification codes and entered into the Derwent database. The Derwent database is the most widely used patent database with exception of the patent offices databases that are not public. Therefore, EPS is a both arbitrary and objective sample.
Digital Rights Management is the association of rules governing use and use consequences with digital information of all kinds and the enforcement of those rules at a distance in time and space. [7]
The purpose of DRM is to manage digital goods so that all of the participants in the digital goods chain benefit [3]:
o End-users benefit by getting a good, perhaps novel product or service at a reasonable price.
o Service providers benefit by getting paid to facilitate the distribution of goods, and perhaps by additional related interactions with their customers. o Content owners benefit by getting fairly paid for their efforts, and by
having new, innovative distribution channels available to them.
1.5 Thesis
Outline
The thesis is outlined to include an introduction and a general background to DRM, and thereafter continues with an analysis of the three driving forces that form the DRM market, namely DRM technologies, DRM standards, and DRM interoperability.
Further, the thesis includes the aspect of IPR, more specifically patents, since it is considered to be an indicator of the direction DRM innovation is heading.
Finally, the thesis is concluded with a discussion regarding the innovation trends within DRM and the direction DRM is heading with the collected overview of the driving forces within DRM and IPR as a background to this discussion.
The thesis is concluded with a discussion regarding the future of DRM. Following is a more detailed thesis outline.
o Chapter 1: Introduction
This chapter includes the background, problem description, methodology, definition of DRM, and the thesis outline.
o Chapter 2: DRM
This chapter includes the general concepts of DRM, and the differences between software DRM and media DRM.
o Chapter 3: DRM Technologies
This chapter includes the most dominating and frequent DRM technologies, such as copy protection, cryptography in DRM, smart cards, and watermarks.
o Chapter 4: DRM Standards and Standards-related Groups
This chapter includes the most dominating and frequent standardization groups. The standardization groups are categorized in subgroups such as bodies that license and/or promote technologies, license-driven standards, and peer standards.
o Chapter 5: DRM Interoperability
This chapter includes the aspect of DRM interoperability, further the adhering standard bodies for interoperability are also included.
o Chapter 6: DRM Intellectual Property
This chapter includes a general overview of IPR, a case study of Intertrust vs. Microsoft, and an EPS search on existing DRM granted patents and published patent applications. Further, the EPS search is complemented with a patent scorecard. The purpose of the EPS search and the patent scorecard is to establish the strongest DRM actors on the market from an innovation perspective.
o Chapter 7: Discussion
This chapter includes a discussion regarding DRM and the innovation trends within this area, with background of what has been concluded from previous chapters.
o Chapter 8: Conclusions
This chapter includes the final conclusions of the analysis and discussion. o Chapter 9: Future Work
This chapter includes indications on which areas that need further focus on and further work.
o Chapter 10: References
This chapter lists the references used in the thesis. o Appendix 1: Glossary
This appendix explains the acronyms and abbreviations used in the thesis. o Appendix 2: DRM Patent Search
This appendix includes the total EPS search performed, which is the basis for Table 1.
o Appendix 3: Patent Scorecard
This appendix includes the total patent scorecard for the technology areas of Computers and Telecommunications, which is the basis for Table 2.
2 DRM
Management of digital content refers to the content owner’s requirement to control and charge for its content. That means having the possibility to apply different charging formats and options to control frequency of use, the number of devices on which it can be used etc.
There are two main groups of functionality that need to be managed [36]: o Control
How frequently can the content be accessed – for example, unlimited access to the content within a specified time frame or limited number of events of access to the content within an unspecified time frame?
On which device can the content be accessed – can it be executed and stored on more than one device?
o Charging
How much should the end-user be charged? Per event or per time? Can super-distributed content be detected and charged for?
The rights component refers to the end-user’s requirement to access, port, and distribute their licensed content as they wish. When end-users pay for content, they require the flexibility to access the content over different devices whenever they want.
Rights can be divided into four main groups [36]:
o Access: by access one refers to how and when the content is accessed, for example viewing, listening, reading or interactive.
o Portability: Is the end-user able to access the content on different devices, for example on their future phone, PDA or PC?
o Duplication: The ability to make copies of the content to store on other devices.
o Distribution: P2P10 distribution (secondary distribution by end-users) of the content and the rules that govern it.
The set of rights associated with an end-user’s use of a particular piece of content is often referred to as usage rights. Some usage rights are date and time based. For example, the usage rights associated with a particular piece of content may stipulate that usage be allowed only between a specific start time (and date) and end time (and date) based on costs. Alternatively, the usage rights associated may stipulate that usage be allowed only for a certain amount of time, such as two hours, with the end-user himself/herself selecting the start time and date of usage of the content. Yet another alternative of usage rights associated with a particular piece of content may stipulate how many times that usage be allowed. The time-based usage rights must rely on a time reference to authorize and track the time-based usage rights.
The time reference, however, is not necessarily secure. A problem arises when a malicious end-user gains access to the time reference and changes the time value so that access to the content is obtained outside the scope of the usage rights, i.e., for more time than was purchased.
10 A sharing and delivery of user specified files among groups of people who are logged on to a
file-sharing network. Napster was the first mainstream P2P software that enabled large scale file-file-sharing. [41]
Figure 1 illustrates a basic model for providing content using DRM. A content owner creates and packages digital content according to the DRM specification and establishes one or more sets of usage rights (denoted rules in the Figure) and associated usage costs, which are associated with the various possible uses of the content (e.g., play, print, copy, distribute etc) and allowable number of times, or time period, that the content is made available. The content is transferred encrypted to a service provider that makes it available to end-users, for example on a service provider’s storefront website. An end-user may then browse the service provider’s available content and select content of interest to the end-user, while also selecting one of the defined usage rights for the content (noting the associated usage costs). The end-user makes the appropriate payment to the service provider for the selected content/usage, at which time the content and usage rights can be transferred encrypted to the end-user’s equipment, which may be a cellular telephone or other device. The equipment can then render the content according to the usage rules to make it available for use by the end-user according to the usage rules. In some cases, the rights are cleared through payment to an intermediary (not shown), such as a payment broker, which then signals the service provider to supply the content.
Content
owner
Service
provider
End-user uses
content
according to
rules
Payment Transfer of encrypted content and rules Transfer of encrypted content and rules Encypted content E nc ypt ed c ont e nt P ay m ent FIGURE 1Figure 2 illustrates a basic model for providing content using DRM. A service provider creates and packages digital content according to the DRM specification and establishes one or more sets of usage rights (denoted rules in the Figure) and associated usage costs, which are associated with the various possible uses of the content (e.g., play, print, copy, distribute etc) and allowable number of times, or time period, that the content is made available. Further, the service provider makes it available to users, for example on a service provider’s storefront website. An
end-user may then browse the service provider’s available content and select content of interest to the end-user, while also selecting one of the defined usage rights for the content (noting the associated usage costs). The end-user makes the appropriate payment to the service provider for the selected content/usage, at which time the content and usage rights can be transferred encrypted to the end-user’s equipment, which may be a cellular telephone or other device. The equipment can then render the content according to the usage rules to make it available for use by the end-user according to the usage rules. In some cases, the rights are cleared through payment to an intermediary (not shown), such as a payment broker, which then signals the service provider to supply the content. The differences between Figure 1 and Figure 2 are that the content owner and the service provider in Figure 2 are one entity, further the DRM related information in Figure 2 is transferred as two entities, one entity for the encrypted content and one entity for the usage rules (denoted rules in the Figure).
Service
provider
End-user uses
content
according to
rules
Transfer of encrypted content & linking information E nc ry pt ed c ont e nt P ay m ent Transfer of rules & linkinginformation
FIGURE 2
The DRM related information might be defined generally as two entities – the content container and the license. These entities can be transferred either as one physical package or as two separate physical packages, as shown in Figures 1 and 2. The latter case is more flexible since a new license can be obtained without resending the entire content and a higher security level is achieved when content and license are not transferred together. If the content container and license are transferred separately, they each must include linking information. The content container mainly comprises the actual content that the end-user wants to render, which is in an encrypted form to protect against unauthorized usage. The license is an entity that includes the usage rights of the associated content and the information needed to generate the key needed for content decryption.
As discussed above, the usage rights define the conditions that apply to the rendering of the content. To allow for flexible and extensible expression of the usage rights, special Rights Expression Languages (REL) have been developed. Two of the dominating REL alternatives today are called Extensible Rights Markup Language (XrML) and Open Digital Rights Language (ODRL), both of which are based on Extensible Markup Language (XML). XrML11 is a programming language, developed
at Xerox PARC and that was previously known as Digital Property Rights Language (DPRL) [44] and ODRL12 is a competing standard for expressing DRM semantics [45].
Figure 3 illustrates a basic model for authenticating an end-user.
Service
provider
End-user uses
content
NO:
Abort process End Authentication succeful? Authentication request Y ES: E nc ry pt e d c ont ent FIGURE 3
An encryption/decryption algorithm is employed for encrypting and decrypting the content. The algorithm is preferably symmetric, that is an identical key is used for both operations, for efficiency reasons. The keys themselves, however, can also be protected by using asymmetric ciphering algorithms, which make use of a public/private key pair. Additional security may also be obtained by incorporating the use of digital certificates and digital signatures. A digital certificate establishes the end-user’s credentials such as name, expiration date etc. and contains a digital signature which is an electronic signature that is used to authenticate the identity of the sender or signer of the content. The complete model for reliable distribution of public keys by using certificates and digital signatures is known as the Public Key
11 See chapter 4.4.4 XrML in this thesis. 12 See chapter 4.4.2 ODRL in this thesis.
Infrastructure (PKI)13. PKI is widely deployed for key management within DRM since
PKI enables a relatively secure protection mechanism for DRM. [4] [36]
2.1.1 Software
DRM
and
Media DRM – Differences?
There are two content types and there are protection mechanisms for software and protection mechanisms for media. What is the difference between the two content types?
When dealing with media content such as movies, books, or music, an attacker only has to decrypt and store the content. This is because the content itself is passive and conforms to documented file formats, and (for audio/video) uses known codecs. A decrypted file is a broken file.
Software content, on the other hand, can be pre-processed in ways much more subtle than encryption. It may not be bulk encrypted14 at all. Certain functions can be added and altered, some functions may change over time as the program executes to foil static disassembly, functions can monitor the integrity of other functions or call home over the Internet, and so forth. Note that not all software DRM systems actually take advantage of these possibilities, some just bulk-encrypt the binary code and decrypt it later, perhaps on the fly at run-time. But these systems are vulnerable to clear text capture, wherein clear text is the term used in cryptography used for the unencrypted form of protected content. Therefore these systems are much less secure than they could otherwise be since an attacker of a cryptography-based system would strategically seek to obtain clear text in order to break the encrypted content.
The conclusion is that it is currently more feasible to build high-quality DRM systems for software content than it is for media content since the possibility of pre-processing of software content poses a great benefit from a quality perspective.
13 PKI is a method for authenticating a message sender or encrypting a message. It enables users of an
insecure public network, such as the Internet, to securely and privately exchange data through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. It provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates. [42]
3 DRM
T
ECHNOLOGIES
Controlling digital content while still keeping the digital content accessible is difficult. There are many technology factors in a satisfactory DRM system and efficient security is part of it, but so is user friendliness and business flexibility. In the latter factor, further sub-factors can be considered such as scalability and performance of the system, and interoperability that will be discussed separately15 as well. The
challenge has proven to be to find the right balance of all these factors.
The trade-off between security and accessibility (accessibility including the factors user friendliness and business flexibility) is very much dependent on the right balance, as mentioned before. The right balance is the trade-off between when the security of the protected content is on a level that the content owner is satisfied with, when the protected content is easily accessible for the user, and when the protected content actually is used.
The following is an analysis of DRM technologies such as copy protection, cryptography, smart cards, and watermarks since these are the most frequent and more or less successful technologies within DRM.
3.1 Copy
Protection
Copy protection is the technology to prevent the copying of data. Historically, physical processes such as photocopying were required to violate copyright, but now, digital data/information such as a file on a hard drive, can be copied without difficulty. In the special case where the data to be protected is on a proprietary physical medium, copy protection technology can be built-in to the media specification, such as is done on DVDs. Audio formats such as SACD and DVD Audio have watermark based copy protection technology designed in a priori. However it seems that the security in these schemes rely primarily on the closed nature of the actors, which only is a temporary advantage, i.e. you cannot keep these schemes secret from the public for a longer time period.16
Or, for older sorts of physical media such as Red Book Audio CDs [8], copy protection schemes exist which exploit the holes of the media specification to, for example, allow audio playback on end-user CD actors but not on PCs.
So far the balance between the factors that constitute a good DRM system has not been optimal. A more balanced DRM approach would allow copying as free distribution and focus on controlling how the recipient of content uses the copied data. [3]
15 See chapter 5 DRM Interoperability in this thesis. 16 See chapter 4.4.2 Denial Watermarking in this thesis.
3.1.1 Does copy protection have a future?
One could ask the question if copy protection has not been successful, why keep on to it? When attempting to answer that question several alternatives must be considered. The alternatives are the following:
No copy protection:
Since it is not successful, it seems futile to continue. The option would be to leave everything in the clear and rely on content providers being paid for the used content. This approach does not really come into question today.
Control content use, not content copying:
This approach is used more or less successfully today by the game industry e.g. PC games. This approach will be further analyzed and discussed.17
Change perception of copy protection:
In and of itself, copy protection or any sort of usage control has a negative perceived value to end-users since end-users do not want to be restricted or controlled in their usage of content. This prerequisite from the end-users leads to the compromise to develop creative business ideas where end-users get value that compensates for limited copying ability such as e.g. mobile subscriptions, rights in multiple formats, single-sign on for entertainment, wireless home broadcasting etc.
3.2
Cryptography in DRM
Cryptographic technology can essentially be difficult to break in a well-implemented system applied to an appropriate problem. But cryptography cannot go far enough in providing security for mass-market DRM, this will be illustrated in the following example.
For a situation where a sensitive message is to be sent between two persons, this would involve [3]:
o Specialized equipment and knowledge,
o A willingness to work with complex procedures (authentication), o The ability to change the equipment and procedures frequently if
necessary,
o A small secret (the message, e.g. a private or secret key) that does not require local storage,
o Only two participants, and
o Transient value: the message is only temporarily secret, meaning that e.g. private or secret keys are only valid for a certain period of time or a certain number of accesses and then need to be re-generated or re-placed with new keys.
By analyzing the message alone it would be highly unlikely that it would be breakable if a relatively strong cryptography were properly applied to the message. In order to break the message you must rely on mistakes and weaknesses of humans in the chain, i.e. not to meet above specified criteria and attributes.
Unfortunately for content owners and DRM technology providers, the DRM problem turns all of the above attributes upside-down:
o Common mass-deployed equipment such as commodity PCs must be used. Such equipment does not provide any robust hiding places for secret data. o The end-users will not tolerate complex procedures.
o It is virtually impossible to upgrade end-user hardware in a mass-market, further it’s also difficult for end-users to upgrade software and procedures. o The content, so called secrets, e.g. PC games, MPEG videos, MP3 files are
fairly large, and require local storage.
o Although there may be only one originator (the content source) there are
millions of potential recipients.
o The data has lasting value. The data which end-users want to gain access to is usually a popular game or video and these decrease in value relatively slowly over time (compared to other games and videos).
Given the above attributes, the outcome is that cryptography is part of the solution, but not the solution.
As an example to be analyzed, assume you want to protect a PC video game from piracy using cryptography. A solution would be to strongly encrypt the game before the end-user gets it, and decrypt it using the right key at the last possible moment, maybe even inside the PCs RAM at runtime but that key has to be stored somewhere in the PC.
A malicious end-user does not bother trying to break the key itself, the end-user just has to find the key. This malicious end-user strategy is called the key discovery problem, and is a serious problem in open systems. In fact, the malicious end-user probably does not even go to that trouble. If he/she can get the game to play at all, for example as part of a time-limited trial, the DRM software will decrypt it for him and all that the malicious end-user has to do is to capture it in the decrypted form. The capturing part might require some work and technical skills but it is substantially easier than figuring out the decryption key the hard way i.e. by brute force, and probably quite easier than looking at the run time operation of the program to see the key go by, capture it, and replay it. [6]
From this example we can learn some lessons for either producers or end-users of DRM technology:
o Additional techniques above and beyond cryptography are necessary, and o DRM vendors should be very careful with claiming to be unbreakable.
3.3 Smart
cards
Smart cards are standardized and relatively tamper proof security microprocessors used for various applications such as banking, automatic road toll collection, and Virtual Private Network (VPN) access. Smart-card platforms that support multiple applications are available but so far there is not much motivation for businesses such as, e.g. credit card companies and DRM providers to share cards. Although smart cards have obvious technical appeal for DRM the adoption of smart cards is limited in this field, one reason for this could be the lack of application flexibility.
In the long term, the decreasing cost and increasing functionality of smart cards, coupled with content owners piracy fears, will probably see them deployed for DRM. The SmartRight consortium [9] appears to be gaining consensus for their smart-card-based end-user DRM scheme. Microsoft has added support for smart cards in their XP operating system.
3.4 Watermarks
Watermarking is a type of steganography, the insertion of hidden data such as copyright information into visible data such as a JPEG image. [5] There are various kinds of watermarks, depending on the purpose of the embedded data, whether it is the same for each instance of a given content item, whether one or both of the signals are analog vs. digital, how subtly the data is embedded, how perceptible the data is, and whether the watermark is intended to survive, possibly malicious, manipulation of the marked file. [35]
It is important to realize that a watermark is not a form of encryption. A watermark modifies data but leaves it in the clear and cannot, by itself, prevent or enable playback of the data except in the special case where playback is restricted to proprietary closed boxes which insist on seeing the watermark.
Generally, watermark schemes fall into three categories. The categories are summarized as follows and then each is further discussed below.
o Forensic watermarks do not actually stop anyone from copying or otherwise manipulating content but they establish where the content came from originally, and perhaps identify one or more subsequent participants in the content distribution chain.
o Denial watermarks aim to actually prevent content from being accessed fraudulently.
o Multi-phase watermarking schemes usually involve a state change in the content. In the initial state, the content is in a distribution or sample form that may or may not be easily usable. Then an end-user legitimately acquires the content and it is transformed into a form that is more usable but which typically also embeds the end-users identity into the content. So if he/she posts it on a P2P site, he/she can be identified and presumably also have to take the consequences for the actions.
3.4.1 Forensic
Watermarks
In a typical forensic application, a watermark is a digital signal within a digital media file, which cannot be detected without special knowledge, and remains in place even if the signal is converted to analog form (e.g. a photocopy of a picture, or an analog audio recording).
A watermark is aimed to be robust against removal attacks, and identifies information about the copyright owner for the watermarked item. Moreover a watermark is the same for all instances of a given media file, and is intended to track copies of the data, not to directly prevent the copying.
Sometimes watermarks identify specific individual end-users of content rather than just the content source, this is usually referred to as fingerprinting and is often part of a larger hybrid watermarking system.
3.4.2 Denial
Watermarking
Originally, denial watermarks were used in preventing copying of media files. The Secure Digital Music Initiative (SDMI) [10] tried to prevent copying of digital audio files using watermarks, but the proposed watermarking technologies were broken when laid open to public analysis. This standard applied to audio in PCs, which are open systems where reverse engineering and hacking are well-established traditions.
Copy protection watermarking has been applied to the next-generation physical audio formats SACD and DVD Audio. Such systems look for a watermark in the content and refuse to play it back if the watermark is not found.
Further, producing a valid watermark involves secrets (presumably asymmetric keys, more specifically two separate keys are used, usually called public and private keys, and either key can be used to encrypt or decrypt data) unavailable to the public. Such watermarking has good chances of working here because the actors are closed systems that can force adherence to the watermark rules and they do not have raw digital outputs that could be used to capture data for analysis and hacking on a PC.
These implementations do not make a positive case for denial watermarking. Firstly, the content is encrypted as well as watermarked, so watermarking is not relied on as a first line of defense. SACD at least, has additional security mechanisms as well. Therefore, it is the closed box that is being relied upon, more than the strength of any of the security logic inside the box.
If the media were fully readable via software on PCs it is very likely that these schemes would be broken, just like SDMI watermarks were.
The closed nature may slow down the hackers, however PC-based actors with digital outputs exist for at least one of these formats, and their long-term security is highly questionable.
3.4.3 Multi-Phase Watermarking
The universal characteristic so far for multi-phase watermarking schemes is that content exists in one form as originally distributed, and a second fingerprinted form once legitimately licensed. The point is not to make watermarks an unbreakable denial-type security mechanism since they are not capable of that task.
From a technology point of view, these schemes are highly complex. The problem is that they replace one system with two phases, and the first phase (usually involving conventional encryption) is inherently no harder to break than any other media protection scheme. Thus, if the first phase is broken, the features of the second phase never come into play since the attacker has already broken the encryption and obtained the clear text content and therefore the features of the second phase are irrelevant.
3.5 Summary
In this chapter we have introduced a general overview of the available DRM technologies in order to provide a good and comprehensive picture of the enablement of DRM.
3.6 Discussion
In the problem statement we asked the question;
How is a technology appropriate for controlling usage of content distinguished? An attempt to answer this question in this thesis would be that the distinguishing features of a technology for controlling usage of content would be the criteria set for the technology in question. More specifically, the most important criteria for a DRM technology are firstly the deployment of a simple DRM solution that allows control but at the same time is flexible enough to provide rights and secondly the transparency of the solutions to the end-user. Naturally, these two criteria are accompanied by parameters such as use case, to which extent the content owner wants to protect the content, which end-users are the target focus for the content, what should be possible for the end-user to do with the content etc.
Currently there are many different rights protection mechanisms from different service providers to choose among, and an important issue to emphasize is that end-users will demand that different solutions work well with each other, in other words that interoperability exists and works well. This issue will be discussed in more detail separately 18.
4 DRM
S
TANDARDS
A
ND
S
TANDARDS
-R
ELATED
G
ROUPS
Today there is a wide scale of organizations with an interest in DRM standards, due to a mix of many general architecture standards and proprietary solutions.
At one end of the scale are organizations that define proprietary licensed DRM technologies such as the Content Scrambling System (CSS) necessary to build a DVD player. Compliance with such licenses often prohibits certain features, such as raw digital outputs. Often joining such an organization is by invitation only and/or is very expensive.
The middle ground consists of organizations like Contentguard that are specifically concerned with DRM and/or standards, but promote them in a more freely available manner. They are less likely to involve specific hardware and more likely to be produced by open processes in organizations that anyone can join, with specifications accessible to all. The XrML standard and W3C organization are typical examples of this class.
Finally there are diverse industry consortia seeking to advance their members’ interests by promoting (or opposing) the adoption of specific technologies pertaining to DRM. Even these organizations often publish their main documents in secret, and are accessible only to corporate members that often pay substantial annual fees.
For all such groups, patents, which might prevent the free implementation of standards, are a major issue. So much so, that the early proponents of a standard may choose one hosting organization over another primarily on that basis. For example, the W3C IPR Policy specifically tries to exclude patented technology from standards, while other groups are more likely to tolerate patented technologies as long as they are easily licensed e.g. on a reasonable and non-discriminatory basis.
Not surprisingly, the closed, license-driven standards and standards bodies are about security and copy protection, and the open standards and standards bodies such as OMA focusing on standards and interworking
Following is an outline of bodies that license and/or promote technologies19,
license-driven standards20, and peer standards21. This outline could be considered to be
a type of empirical investigation with the criteria of DRM, copy protection, content control and interoperability. The outline is concluded with a summary and discussion.
19 See chapter 4.1 Bodies that License and/or Promote Technologies in this thesis. 20 See chapter 4.2 License-Driven Standards in this thesis.
4.1
Bodies that License and/or Promote Technologies
4.1.1 The 4C Entity
The 4C Entity is a consortium of 4 computer technology companies22 that fosters the production of, and subsequently licenses, intellectual property associated with content control. The 4C entity emphasizes secure storage, while the 5C Entity23 emphasizes secure transmission. [11]
4.1.2 The 5C Entity
The 5C Entity is a consortium of 5 computer technology companies24 that fosters the production of, and subsequently licenses, intellectual property associated with content control. The 5C entity emphasizes secure transmission e.g. over domestic IEEE 1394 links, while the 4C Entity emphasizes secure storage. [12]
4.1.3 Copy Protection Technical Working Group
CPTWG is an industry consortium, supported by the Motion Picture Association of America (MPAA), which proposes copy protection technology. They created the Broadcast Flag proposal25 and are also investigating means to close the analog hole.
The analog hole means that digital content must still be converted to analog to allow consumers to view content on their existing equipment (e.g. analog TV sets), and in this conversion the content protection is not preserved, hence creating the analog hole. [14]
4.1.4 Digital Content Protection LLC
Digital Content Protection LLC is an organization created to license High-bandwidth Digital Content Protection (HDCP), a scheme for protecting video on Digital Video Interactive (DVI) links. [15]
4.1.5 Digital Living Network Alliance
Digital Living Network Alliance is formerly known as the Digital Home Working Group (DHWG) with a vision of a wired and wireless interoperable network of Personal Computers (PC), Consumer Electronics (CE) and mobile devices in the home. [15]
22 IBM, Intel, Matsushita, and Toshiba
23 See chapter 5.1.2 The 5C Entity in this thesis.
24 IBM, Intel, Matsushita, and Toshiba, who are the 4C Entity, plus Hitachi
25 The Broadcast Flag proposal is a technical proposal using the ATSC (Advanced Television Systems
Committee) Redistribution Control descriptor as a Broadcast Flag to signal protection for DTV (Digital TV) content against such unauthorized redistribution.
4.1.6 The DVD Copy Control Association
The DVD Copy Control Association is an exclusive and expensive association one has to belong to when wanting to build DVD players and also play by the rules. In other words, they are the key-holders for CSS. [17]
4.1.7 MPEG Licensing Authority
MPEG LA is an association for Intellectual Property licensing related to video and DRM.
Implementers of modern media systems involving DRM are at risk of infringing dozens of patents. The effort and risk of researching and licensing DRM-related technologies piece by piece is huge, so organizations like to MPEG LA offer access to appropriate patent pools for specific technologies. For example in early 2005 they offered a consolidated license applicable to OMA DRM. [18]
4.1.8 Smartright
Smartright is a consortium of mostly European companies, who support a smart card based copy protection system for digital home networks, which seems to be gaining momentum. The full scope of the work is not yet clear, but at the very least it covers in-home video, effectively taking conditional access beyond the satellite TV set-top, to all of an end-user's video-capable devices. In this way digital content is never transmitted in the clear even within an end-user's home. [9]
4.1.9 TV-Anytime
Forum
TV-Anytime Forum is, in their own words; an association of organizations which seeks to develop specifications to enable audio-visual and other services based on mass-market high volume digital storage in consumer platforms - simply referred to as local storage.
In other words, an embryonic standards body trying to define how content stored in your own home can be made interoperable and copy protected. Most members are European media and TV-technology companies who want to keep a piece of the action in the era of the Personal Video Recorder (PVR). Another member not pertaining to the latter category of members is Microsoft that is presumably there to support the strategy of getting the Windows Media Player codecs out of the PC box and into mass-market consumer electronics. [19]
4.1.10 Internet Engineering Task Force
Internet Engineering Task Force is the primary managers of core Internet technology such as routing, switching etc. From the IETF point of view, DRM is an application that is outside their scope. They did have a working group on Internet DRM, but it was closed in early 2003. Their position on IPR is, in effect, not to have a position on IPR, which means that both reasonable and non-discriminatory (RAND) and royalty-free technologies may be included in their standards. [20]
4.1.11 MPEG
The Moving Picture Experts Group (MPEG) is a working group of ISO/IEC in charge of the development of standards for coded representation of digital audio and video. The organization is actually somewhat of a hybrid, democratic and non-proprietary, but with a controlled membership and licensed technologies.
Basically, when it comes to digital codecs, especially for video, there is Microsoft, there is Real Networks, and there is MPEG. MPEG is non-commercial, has quite a few members from academia, and is based in Europe. This result in high-quality technology but also some slowness to market and possibly also overkill specifications that no one would ever fully implement.
However, some of their standards such as MP3 audio and MPEG-2 video as used on DVDs, are highly successful, and their vendor neutrality is a large advantage with content owners who do not want to get locked into proprietary solutions. [21]
4.1.12 OASIS
The Organization for the Advancement of Structured Information Standards (OASIS) started in the early 1990s as an SGML group and followed the evolution of SGML through XML and applications thereof. Said applications were used to include XrML but as of summer 2004 OASIS is no longer in that business instead it is largely in the hands of MPEG. Further, OASIS has a RAND IPR licensing Policy. [22]
4.1.13 Open Mobile Alliance
OMA is a consortium of the Wireless industry focused on standards and interworking. Notably, their efforts include a comprehensive DRM framework (OMA DRM) based on, among other things, ODRL.
OMA DRM is the most comprehensive multi-vendor DRM community. [23]
4.1.14 World Wide Web Consortium
The World Wide Web Consortium (W3C) is the technological home of the World Wide Web. Technically very capable but sometimes surrounded by Intellectual Property problems and funding issues, they are widely regarded as the idealists of the standards world. They have a Royalty-Free Intellectual property policy.
Like the IETF, they do not appear to have significant ongoing activities in the area of DRM technology other than ODRL. [24]
4.2 License-Driven
Standards
4.2.1 Content Scrambling System
CSS is a proprietary licensable encryption scheme that is used to encrypt the MPEG-2 payload on DVD videodisks. It only became visible enough to be considered a standard when it was broken with the production of deCSS. To build compliant DVD systems i.e. ones that descramble CSS legally, you need to join the DVD Copy Control Association.
4.2.2 Content Protection for Pre-Recorded Media
CPPM is a licensable copy protection method from the 4C Entity which appears to be a variant of CPRM26 for pre-recorded media, descended from CSS. CPPM is used
on DVD Audio disks.
4.2.3 Content
Protection
for Recordable Media
CPRM is a proposal for renewable cryptographic methods for protecting entertainment content when recorded on physical media from the 4C Entity. CPRM also promotes several storage media types.
4.2.4 Digital Transmission Content Protection
DTCP is a proposed encryption mechanism for use on advanced digital interconnect joining consumer electronics and PCs, sponsored by the 5C entity. The concern is that unencrypted media transmitted over standardized high-speed digital interconnect such as IEEE 1394 is easily intercepted for piracy purposes.
4.2.5 SmartRight
SmartRight is an in-home copy-protection system for digital content proposed by the consortium of the same name. The proposal seems to be gaining momentum, but it apparently overlaps with the Digital Transmission Content Protection (DTCP) proposal.
4.3 Peer
Standards
4.3.1 MPEG
IPMP
MPEG acknowledges the significance of DRM, especially interoperability thereof, but does not really have its own DRM standards, unless you count their rather generic and requirements-oriented IPMP (Intellectual Property Management and Protection) concept, which traces its roots back to MPEG-4. More recently, the MPEG-21 standard has endorsed XrML as the rights expression language for MPEG.
4.3.2 Open Digital Rights Language
ODRL was invented at IPR Systems, an Australian document-focused DRM company, and submitted to the W3C in fall 2002. Like XrML, ODRL is XML-based and freely usable, but unlike XrML, it does not come from an organization with a large DRM patent portfolio. However just because IPR Systems does not have or even approve of DRM patents it does not mean that a DRM system using ODRL is immune to infringing the patents of Contentguard, Intertrust, or others. There is a race between XrML and ODRL, where ODRL is apparently losing out to XrML. ODRL is still in the game, notably with a win in the wireless world, where the Open Mobile Alliance has adopted parts of ODRL as a rights-management language for mobile content. [25]
4.3.3 eXtensible
Media Commerce Language
XMCL is a proposed XML-based rights-expression standard from Real Networks. Real Networks never really tried hard to establish it as a serious competitor to XrML. It was submitted to the W3C, but seems unlikely to go further.
4.3.4 eXtensible
Rights
Management Language
XrML is an XML-based proposed standard Rights Expression Language, created by Contentguard and endorsed by Microsoft, which is part owner of Contentguard. XrML is widely considered the most technically capable rights expression language.
Fortunately most implementations probably do not need to use everything in the specification.
There has been some confusion regarding the IPR status of XrML. XrML itself is freely available just like, say, ODRL. Contentguard does not license XrML per se. However, it is entirely possible that a company implementing a new DRM system could infringe on parts of Contentguard’s large patent portfolio, and thus require a license from them. This could, for the sake of example, even be true if said system used ODRL as its rights expression language. It is being widely adopted, notably as the MPEG-21 Rights Expression Language. [26]
4.4 Summary
In this chapter we have introduced a general overview of the current DRM standards and standards-related groups in order to provide a good and comprehensive overview of the framework for DRM.
4.5 Discussion
In the problem statement we asked the question;
How will standardization reach a common strategy that will facilitate interoperability?
An attempt to answer this question in this thesis would be that there is a trend towards the simplification of DRM technology architectures, but there is still plenty of uncertainty concerning solutions. Standards have a key role to play, but a mix of many general architecture standards and proprietary solutions will continue to characterize the DRM market. This confusion will not stop the use of DRM, but it will be highlighted in problems of cross-device interoperability.
Currently there are many different standardization directions, and an important issue to emphasize is that end-users will demand that different solutions work well with each other, in other words that interoperability exists and works well. This issue will be discussed in more detail separately27.
5 DRM
I
NTEROPERABILITY
In this thesis, the definition of interoperability is the following:
The condition achieved when two or more technical systems can exchange information directly in a way that is satisfactory to the users of the systems. [46]
5.1
Content Reference Forum
There is currently a lack of interoperability between digital content technologies that makes it challenging for end-users to easily get the content they want, in the format, platform and other preferences they choose.
Today, there does not exist a technical and business framework to achieve interoperability across multiple technology platforms and enable new business models due to that DRM vendors are pushing for their own standard to be used as the de-facto standard.
The Content Reference Forum (CRF) plans to change the lack of interoperability by developing a universal way to distribute digital content across various mediums and geographies. CRF goal is to create a dynamic marketplace where end-users can get and share the right content for their platform and preferences, and where underlying commercial agreements and rights are respected.
CRF promotes creating an open framework for interoperable, platform- and business model-independent digital content distribution. How CRF intends to achieve this is indicated by a a quote from the chairman of the CRF:
“We believe that the proliferation of open standards helps facilitate interoperability and stimulates a more robust marketplace. The vision of the CRF is for consumers to enjoy and redistribute content with commercial terms beneficial to all members of the value chain and the MPEG REL is an important component to help that vision become a reality. The CRF already uses the MPEG REL and a number of other standards in our specifications. The Content Reference Forum welcomes the official announcement of the ISO MPEG REL standard.”
Contentguard is a founding member of the CRF and is actively involved in the development of CRF specifications. [27]
5.2
Coral Consortium
A group of companies, including Intertrust, several makers of consumer electronics, and Fox Movie Studios has formed the Coral Consortium that is a standards initiative dedicated to interoperability of DRM systems.
The drive for the Coral Consortium is work that Intertrust has been doing on interoperability. They have built a test-bed system called Networked Environment for Media Orchestration (NEMO) that achieves interoperability among a range of devices, formats, networks, and types of services.
